
Thread: What would be involved in setting up a hacking lab?

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    7

    What would be involved in setting up a hacking lab?

    Howdee all

    I wanna get into computer security, and I can get access to some spare PCs, and I'm wondering if I can set up a security lab for me to practise some basic hacking skills on... Be it a few Linux machines and Windows machines

    I'm good at the social engineering side of things, just I would like to pick up on my tech side of things

    Thanks

  2. #2
    I'm good at the social engineering side of things
    Is this considered a really bad or really good attempt at social engineering? It boggles the mind. Too stupid to mask the attempt, or so smart they know to appear un-informed?

    If you have the hardware... sure, you can set up a lab. I have 2 desktops running win or *nix and a laptop that can be connected to the network either wirelessly or wired. Not much to it really. I have a Linksys 802.11g wireless router and a cable modem. So I can test my own systems from the inside, or go to a free WAP and test from the outside. But you should get the WAP owner's permission before testing from there. (Make friends with the local coffee shop owner.)

    So, set up your network... hit the bookstore, Google, this site, etc... Just don't ask "How do I hack into hotmail" or "my friend's ip is xxx.xxx.xxx.xxx can someone here hack it for me?"

    And for software, the GNU development tools are a necessity. Nmap, Snort, all those tools. Pick up a Linux distro like Slackware and most importantly: read read read
    You are so bored that you are reading my signature?

  3. #3
    OK, you can run a wargame on almost any system (and in a few easy steps, too)
    Step 1) Get a 50 Gig hard drive (for a few OSs and later patches)
    Step 2) Clean install the OSs you want to try and 'hack' (may I recommend Debian [sarge|woody|potato], *BSD, and possibly Windows)
    Step 3) 'Hack' into the system; after you do, google for bugs relating to what you did. If they exist, patch, and try again. If not, report them and continue.

    It would be awesome if you were willing to do this for the AO community

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I would recommend that you take great care setting up any public box where you invite people to play around. They WILL try to do nasty things to it.

    Running it directly on physical hardware is a liability in itself, as someone who gains root access can potentially damage the hardware.

    Network setup needs to be done very carefully, to prevent unauthorised egress from the systems - even if they are compromised (as may be the intention). Otherwise you will rapidly find your systems festering IRC-bot bounce servers full of unauthorised proxies and warez dumps.

    Finally you need to ensure that denial of service is not easy - otherwise (from my experience), you will get people turning up with the sole purpose of denying you and anybody else who might want a go, any service at all.

    Slarty
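
The egress and denial-of-service points in post #4, sketched as an nftables ruleset for a gateway sitting between the lab boxes and everything else. This is an added example, not part of any poster's reply; the interface names `lab0` and `wan0` and the management address `192.0.2.10` are assumptions to be replaced with your own.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: lab0 = interface facing the lab boxes,
# wan0 = uplink, 192.0.2.10 = placeholder management workstation.
flush ruleset

table inet labgw {
    chain forward {
        # Default deny: nothing crosses the gateway unless a rule allows it,
        # which also keeps the lab away from any other local network.
        type filter hook forward priority 0; policy drop;

        # Replies belonging to connections that were allowed in may leave.
        ct state established,related accept

        # New connections into the lab are accepted up to a fixed rate;
        # anything above the limit falls through to the drop policy, so a
        # flood cannot reach the lab boxes at full speed.
        iifname "wan0" oifname "lab0" ct state new limit rate 20/second burst 40 packets accept

        # Anything a lab box initiates toward the outside is logged and
        # dropped. A compromised box cannot call out to IRC, relay traffic
        # or fetch tools, and the log shows that it tried.
        iifname "lab0" oifname "wan0" ct state new log prefix "lab-egress-drop: " drop
    }

    chain input {
        # The gateway itself is not a target: only loopback, return traffic
        # and SSH from the management workstation are accepted.
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ip saddr 192.0.2.10 tcp dport 22 accept
    }
}
```

The `lab-egress-drop:` entries in the kernel log are the ones to watch: each is an outbound connection attempt that a lab box should never have been making.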

  5. #5
    Just quarantine the system from any other computers in your network. He did say he was going to use old hardware, so I don't think it would matter much if anyone 'damaged' it.

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    MsMittens has a nice wargames tutorial that I think you may find helpful.

    This link should provide you with plenty of information to get you going also.

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Kez,

    Try this PDF on creating a home security lab:

    http://www.giac.org/practical/GSEC/R...liott_GSEC.pdf

    Also check out this Word document about creating a security lab with virtual machines:

    www.giac.org/practical/Edwin_Hart_GSEC.doc

    Have fun hacking yourself

    mjk

  8. #8
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    How advanced do you want to get?


    I would set up 2 boxes, both dual booting Windows and Linux, and a separate box running whatever you want to act as sort of a monitor. Run Ethereal to capture the interactions between the machines. Watch the interactions from all sides. Watch how they talk to each other. Scrutinize the logs from the attacked machine. Make sure you actually understand what you are reading. Look into more than just basic exploits. Set up anything that would require server based authentication (ex: access a shared (password protected) file on one machine from the other), and watch the interaction as your "legitimate user" accesses something on the network.

    Once you've had your fill of this, set up a webserver, have some fun, and move on...
    Real security doesn't come with an installer.

  9. #9
    Junior Member
    Join Date
    May 2004
    Posts
    7
    Originally posted here by annihilator_god
    Is this considered a really bad or really good attempt at social engineering? It boggles the mind. Too stupid to mask the attempt, or so smart they know to appear un-informed?
    Haha, I just realised that, it could be taken either way, but d/w, I'm smart, but I am uninformed about the tech side of things. And no, it wasn't an attempt at social engineering

    I'm not doing anything illegal by setting up a hacklab in my basement am I?

    And it's not going to be hooked up to the net as yet, as I only have 56/k :P, but once I get ADSL, I'm more than happy to allow AO members to access it

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I'm not doing anything illegal by setting up a hacklab in my basement am I?
    If you're using it by yourself or with those that visit? No

    And it's not going to be hooked up to the net as yet, as I only have 56/k :P, but once I get ADSL, I'm more than happy to allow AO members to access it
    Be careful of this option. Opening it up to those that you don't know can be risky and your goodwill may be used as an opportunity to attack others. There can be some serious legal implications that you'd be responsible for if you do set it up without appropriate "legal mumbo-jumbo". So you may want to reconsider this option. It's not to say that AO members would do it but we have no mechanism to verify the "ethics" of some of the members.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
